Skip to main content
CVE-2021-21885 HIGH POC This Week

A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Premierwave 2050 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2021-21880 HIGH POC This Week

A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Premierwave 2050 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2021-44733 HIGH POC This Week

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Information Disclosure Race Condition Linux Kernel Enterprise Linux +10
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2021-21937 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21935 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21934 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21933 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21932 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21931 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21930 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21929 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21928 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21927 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21926 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21925 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21924 MEDIUM POC THREAT This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
20.2%
CVE-2021-21922 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21908 MEDIUM POC This Month

Specially-crafted command line arguments can lead to arbitrary file deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ic Module Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21896 MEDIUM POC This Month

A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Premierwave 2050 Firmware
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-43156 MEDIUM POC This Month

In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Online Book Store Project In Php
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-20426 MEDIUM POC This Month

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-20425 MEDIUM POC This Month

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS S Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-39306 CRITICAL Act Now

A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Rtl8195Am Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-37706 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Pjsip Certified Asterisk Asterisk +1
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2021-40612 CRITICAL PATCH Act Now

An issue was discovered in Opmantek Open-AudIT after 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Open Audit
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-44031 CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Kace Desktop Authority
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-44029 CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Kace Desktop Authority
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-45267 MEDIUM POC This Month

An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45263 MEDIUM POC This Month

An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45262 MEDIUM POC This Month

An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45261 MEDIUM POC This Month

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Patch
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-45260 MEDIUM POC This Month

A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45259 MEDIUM POC This Month

An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-45258 MEDIUM POC This Month

A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45419 HIGH This Week

Certain Starcharge products are affected by Improper Input Validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Titan 180 Premium Firmware Nova 360 Cabinet Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-21923 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21921 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21920 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21919 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21918 MEDIUM POC This Month

A specially-crafted HTTP request can lead to SQL injection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi R Seenet
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-21907 MEDIUM POC This Month

A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ic Module Cma
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-21878 MEDIUM POC This Month

A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Premierwave 2050 Firmware
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-36886 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon - CFDB7 WordPress plugin (versions <= 1.2.5.9). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Contact Form 7 Database Addon
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-43851 HIGH PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Time Tracker
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-21886 MEDIUM POC This Month

A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Premierwave 2050 Firmware
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2021-43158 MEDIUM POC This Month

In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Online Shopping System
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-36750 HIGH This Week

ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enc Datavault Enc Vaultapi Secureaccess
NVD
CVSS 3.1
8.1
EPSS
13.5%
CVE-2021-43804 HIGH PATCH This Week

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Pjsip Debian Linux
NVD GitHub
CVSS 3.1
7.3
EPSS
2.2%
CVE-2021-39013 MEDIUM This Month

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-44544 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
9.5%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy